Gateway locations
DNS locations are a collection of DNS endpoints which can be mapped to physical entities such as offices, homes, or data centers.
The fastest way to start filtering DNS queries from a location is by changing the DNS resolvers at the router.
To add a DNS location to Gateway:
- In Zero Trust ↗, go to Gateway > DNS Locations.
- Select Add a location.
- Choose a name for your DNS location.
- Choose at least one DNS endpoint to resolve your organization's DNS queries.
- (Optional) Toggle the following settings:
- Enable EDNS client subnet sends a user's IP geolocation to authoritative DNS nameservers. EDNS Client Subnet (ECS) helps reduce latency by routing the user to the closest origin server. Cloudflare enables EDNS in a privacy preserving way by not sending the user's exact IP address but rather a
/24
range which contains their IP address. - Set as Default DNS Location sets this location as the default DoH endpoint for DNS queries.
- Enable EDNS client subnet sends a user's IP geolocation to authoritative DNS nameservers. EDNS Client Subnet (ECS) helps reduce latency by routing the user to the closest origin server. Cloudflare enables EDNS in a privacy preserving way by not sending the user's exact IP address but rather a
- Select Continue.
- (Optional) Turn on source IP filtering for your configured endpoints, then add any source IPv4/IPv6 addresses to validate.
- Endpoint authentication is required for standard IPv4 addresses and optional for dedicated IPv4 addresses.
- DoH endpoint filtering & authentication lets you restrict DNS resolution to only valid identities or user tokens in addition to IPv4/IPv6 addresses.
- Select Continue.
- Review the settings for your DNS location, then choose Done.